[每日信息流] 2024-06-27

[chainreactorbot]

每日安全资讯（2024-06-27）

• SecWiki News
  • [ ] SecWiki News 2024-06-26 Review
• Trustwave Blog
  • [ ] Ransomware, Supply Chain & Tech Threats Explode – 2024 Trustwave SpiderLabs Report
• CXSECURITY Database RSS Feed - CXSecurity.com
  • [ ] evince - Blind Sql Injection
  • [ ] Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
  • [ ] SolarWinds Platform 2024.1 SR1 Race Condition
  • [ ] Automad 2.0.0-alpha.4 Cross Site Scripting
• Doonsec's feed
  • [ ] FastJson-RCE (CVE-2017-18349) 漏洞复现
  • [ ] CISCN华东北 2024 比赛题解
  • [ ] 秦安：中东危急，伊美及联合国与以色列吵翻天，中国在干一件大事
  • [ ] 秦安：美军航母趁夜偷跑逃离中东，养好了伤吗？胡塞武装一战封神
  • [ ] 王常胜：美帝靠地理优势嚣张、“台独”凭险拒统，只能是白日做梦
  • [ ] Openai禁止中国人使用？真相是...(2)
  • [ ] APP分发签名系统index-uplog.php存在任意文件上传漏洞
  • [ ] 真心建议计算机专业同学，千万别把路走窄了......
  • [ ] 有时候，真不想承认我是学计算机的！
  • [ ] 【每日一题】蓝桥杯大学组历年真题及题解 - 碱基
  • [ ] 逆向学习汇编篇 -- 数据在内存与寄存器之间的传输机制
  • [ ] 逆向学习汇编篇 -- 算术运算和逻辑运算
  • [ ] 分享图片
  • [ ] 中共海南省委网络安全和信息化委员会办公室关于公开征求《海南自由贸易港国际数据中心发展条例（公开征求意见稿）》意见的通告
  • [ ] 中国密码学会 | 关于举办2024第九届全国密码技术竞赛的通知
  • [ ] 新保密法：加强网络信息和数据信息管理
  • [ ] 美联储疑遭勒索软件攻击泄露33TB敏感数据
  • [ ] 字节跳动发布“豆包MarsCode”智能开发工具，面向国内开发者免费
  • [ ] Apple 修补了可能允许窃听的 AirPods 蓝牙漏洞
  • [ ] 如何找到正确的网络钓鱼目标
  • [ ] 喜报!全国大学生信息安全竞赛线下赛获得双二等奖!
  • [ ] 星火力量丨华利达获授工业互联网标识注册服务许可证
  • [ ] 星火阵地｜工业互联网标识解析国家顶级节点(重庆)标识注册量解析量双双突破三百亿大关
  • [ ] 全网性价比最高vps
  • [ ] 备战HVV，应急响应特训
  • [ ] 一次报错所引发的五千漏洞赏金记录
  • [ ] 天融信再度列入Gartner®报告“数据分类分级领域”代表供应商
  • [ ] 每日安全提醒~
  • [ ] G.O.S.S.I.P 阅读推荐 2024-06-26 Byzantine-Robust DFL
  • [ ] 主数据治理10大坑
  • [ ] 少年，该出发了
  • [ ] 【红蓝/演练】-战后收尾(2)之复盘提升
  • [ ] 黑客“教”你们如何隐藏恶意软件
  • [ ] IDC：奇安信、深信服、安恒、绿盟、斗象组成了中国NDR市场的主要玩家
  • [ ] 百家说事 | 第一场：软件供应链安全，SCA可堪重用？
  • [ ] 实战淬炼！大数据分析与建模中级培训报名启动，超值活动价速戳了解→
  • [ ] 【漏洞通告】Progress MOVEit Transfer身份验证漏洞(CVE-2024-5806)
  • [ ] 火绒个人版6.0常见问题
  • [ ] 盛邦安全受邀出席2024年“数智创新”高端论坛，探讨交通大模型与数据安全话题
  • [ ] Rafel RAT恶意软件可能影响39亿台旧安卓手机
  • [ ] 数据安全实践与探索 | FreeBuf 北京站议题前瞻
  • [ ] 在过去3年中，有2.8亿人安装了危险的Chrome浏览器扩展程序
  • [ ] 如何使用sr2t将你的安全扫描报告转换为表格格式
  • [ ] 【车联网】现代汽车Ioniq SEL渗透测试（7）
  • [ ] 【资讯】工信部科技司就《人工智能大模型训练数据处理流程及质量评价模型》等12项行业标准计划项目公开征求意见
  • [ ] 【资讯】海南省委网信办就《海南自由贸易港国际数据中心发展条例（公开征求意见稿）》公开征求意见
  • [ ] 【资讯】海南省委网信办发布《海南省数据出境安全评估申报工作指引（第二版）》
  • [ ] 【资讯】上海市通信管理局发布《关于纵深推进“浦江护航”数据安全专项行动的通知》
  • [ ] 【安全圈】新的 Linux 恶意软件通过 Discord 发送的表情符号进行控制
  • [ ] 【安全圈】印尼国家数据中心遭黑客入侵，被勒索1310亿印度尼西亚盾
  • [ ] 【安全圈】南非国家卫生实验室在 mpox（猴痘）疫情爆发期间遭受勒索软件攻击
  • [ ] 【安全圈】研究称 2.8 亿 Google Chrome 用户安装了危险扩展程序
  • [ ] 学习干货|保姆式实战等保测评Linux镜像(邀请码+综合全流程+未公开漏洞)
  • [ ] 安全聘 | 某大型公司（物流地产、金融、新能源）领域招安全专家
  • [ ] 应急响应集训营来了！
  • [ ] 【论文速读】| LLAMAFUZZ：大语言模型增强的灰盒模糊测试
  • [ ] 全球视角下的AI安全挑战：面向未来的准备
  • [ ] 【国际视野】美国管理和预算办公室发布《2023财年报告》
  • [ ] 直播预告 | C2攻守道！防守队：防不住，根本防不住
  • [ ] 车联网数据安全体系及关键技术研究
  • [ ] 车载以太网：解决复杂线束并支持更多的数据
  • [ ] 中国网络法治三十年 | 一图速览我国网络法治建设实践成就
  • [ ] 国家发展改革委办公厅、金融监管总局办公厅发布《关于进一步提升融资信用服务平台服务质效深入推进“信易贷”工作的通知》
  • [ ] “代表厂商”！深信服凭借超融合入选Gartner®《全栈超融合软件市场指南》
  • [ ] 奇安信获得国家科学技术进步奖
  • [ ] 奇安信四项信创解决方案全部上榜“2024广东软件风云榜”
  • [ ] BCS2024 │ 第四次工业革命的核心驱动力 聚焦灯塔工厂网络安全
  • [ ] 北京安天党支部荣获“先进基层党组织”荣誉称号
  • [ ] 云弈科技受邀参加2024京津冀信息通信领域网络安全实战攻防演练
  • [ ] 和小红书一起参会！ 了解大模型与大数据融合的技术趋势
  • [ ] 绕过AMSI的另一种方式
  • [ ] 耳朵没错，是声音太真了，字节豆包语音合成成果Seed-TTS技术揭秘
  • [ ] 从全球首例光伏电场网络攻击事件谈网络安全防护策略
  • [ ] web渗透测试——信息收集上（超详细）
• Recent Commits to cve:main
  • [ ] Update Wed Jun 26 22:27:31 UTC 2024
  • [ ] Update Wed Jun 26 14:36:55 UTC 2024
  • [ ] Update Wed Jun 26 06:31:18 UTC 2024
• Armin Ronacher's Thoughts and Writings
  • [ ] What is Self Hosted? What is a Stack?
• Filippo Valsorda
  • [ ] XAES-256-GCM
• 先知安全技术社区
  • [ ] 启发式防御大模型越狱攻击
  • [ ] 【_LIST_ENTRY详解】shellcode免杀之动态获取API
  • [ ] 内网端口转发利器：Sharp4TranPort使用指南
  • [ ] 对特洛伊木马Androm样本的研究分析
  • [ ] 从xctf决赛 ezthink挖掘tp8的反序列化链
  • [ ] CVE-2024-28397 js2Py逃逸浅析
• Files ≈ Packet Storm
  • [ ] Ollama Remote Code Execution
  • [ ] Debian Security Advisory 5720-1
  • [ ] Ubuntu Security Notice USN-6847-1
  • [ ] Debian Security Advisory 5719-1
  • [ ] Ubuntu Security Notice USN-6819-4
  • [ ] Ubuntu Security Notice USN-6848-1
  • [ ] SolarWinds Platform 2024.1 SR1 Race Condition
  • [ ] Automad 2.0.0-alpha.4 Cross Site Scripting
  • [ ] Debian Security Advisory 5718-1
  • [ ] Ubuntu Security Notice USN-6849-1
  • [ ] Ubuntu Security Notice USN-6850-1
  • [ ] Ubuntu Security Notice USN-6746-2
  • [ ] Poultry Farm Management System 1.0 Shell Upload
• Security Boulevard
  • [ ] How NinjaOne’s New MDM Capabilities Transform IT Management
  • [ ] Chinese APT Groups Use Ransomware to Hide Spying Activities
  • [ ] News Alert: FireTail unveils free access to its enterprise-level API security platform — to all
  • [ ] USENIX Security ’23 – Assessing Anonymity Techniques Employed in German Court Decisions: A De-Anonymization Experiment
  • [ ] Protecting the Soft Underbelly of the Data Center
  • [ ] Scattered Spider: Evolving & Resilient Group Proves Need for Constant Defender Vigilance
  • [ ] Randall Munroe’s XKCD ‘Network Configuration’
  • [ ] Pen Testing Across the Environment: External, Internal, and Wireless Assessments
  • [ ] WordPress Plugin Supply Chain Attack Gets Worse
  • [ ] A WIN for Cloud Security with Adaptive Shield and Wiz
• Twitter @Nicolas Krassas
  • [ ] Nyxstone: An LLVM-based (Dis)assembly Framework https://www.reddit.com/r/ReverseEngineering/comments/1dp33vw/nyxstone_an_llvmbased_disassembly_framewo...
  • [ ] US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts https://go.theregister.com/feed/www.theregister.com/2024/0...
  • [ ] Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-fileca...
  • [ ] Pegasus servers sequestered in Poland https://www.scmagazine.com/brief/pegasus-servers-sequestered-in-poland
  • [ ] OpenAI brings its ChatGPT app to all Mac users https://www.computerworld.com/article/2505363/openai-brings-its-chatgpt-app-to-all-mac-users.html
  • [ ] Attackers in Profile: menuPass and ALPHV/BlackCat https://www.trendmicro.com/en_us/research/24/f/menupass-alphv-blackcat-threats.html
  • [ ] New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP! https://thehackernews.com/2024/06/new-moveit-transfer-vulnerability-under.ht...
  • [ ] Ebay Seller Offers Stingray Device For $100,000 https://packetstormsecurity.com/news/view/36033/Ebay-Seller-Offers-Stingray-Device-For-100-000.html
  • [ ] Federal Reserve “breached” data may actually belong to Evolve Bank https://www.malwarebytes.com/blog/news/2024/06/federal-reserve-breached-data-may-...
  • [ ] Geisinger attributes breach to Microsoft subsidiary https://www.scmagazine.com/brief/geisinger-attributes-breach-to-microsoft-subsidiary
  • [ ] Ransomware disrupts South Africa’s national health lab https://www.scmagazine.com/brief/ransomware-disrupts-south-africas-national-health-lab
  • [ ] Batten down the hatches, it's time to patch some more MOVEit bugs https://go.theregister.com/feed/www.theregister.com/2024/06/26/batten_down_the_hatch...
  • [ ] Stolen Singaporean Identities Sold on Dark Web Starting at $8 https://hackread.com/stolen-singaporean-identities-sold-on-dark-web/
  • [ ] Modular trojan deployed via SQL injection attacks https://www.scmagazine.com/brief/modular-trojan-deployed-via-sql-injection-attacks
  • [ ] 'Snowblind' Tampering Technique May Drive Android Users Adrift https://www.darkreading.com/remote-workforce/snowblind-tampering-technique-may-drive-an...
  • [ ] P2Pinfect Botnet Now Targets Servers with Ransomware, Cryptominer https://hackread.com/p2pinfect-botnet-target-server-ransomware-cryptominer/
  • [ ] 1-click Exploit in South Korea's biggest mobile chat app https://www.reddit.com/r/ReverseEngineering/comments/1dowyht/1click_exploit_in_south_koreas_b...
  • [ ] Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html
  • [ ] Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html
  • [ ] Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html
• ArthurChiao's Blog
  • [ ] TCP Requests Stuck After Connection Established（2024）
• Tenable Blog
  • [ ] Tag, You’re IT! Tagging Your Way to Cloud Security Excellence
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 新的 Linux 恶意软件通过 Discord 发送的表情符号进行控制
  • [ ] 构建网络强国 展望中国网络法治未来
• Private Feed for M09Ic
  • [ ] 4ra1n released 0.1.0 at jar-analyzer/jar-obfuscator
  • [ ] Rvn0xsy starred zodiacon/sysrun
  • [ ] Rvn0xsy starred zodiacon/DriverMon
  • [ ] Rvn0xsy starred zodiacon/AllTools
  • [ ] Rvn0xsy started following zodiacon
  • [ ] zer0yu starred eurecom-s3/symcc
  • [ ] chainreactors forked chainreactors/ksubdomain from boy-hack/ksubdomain
  • [ ] Rvn0xsy starred zodiacon/winnativeapibooksamples
  • [ ] Safe3 released v1.2.0 at Safe3/CVS
  • [ ] zer0yu started following T4y1oR
  • [ ] nightRainy starred po6ix/POC-for-CVE-2023-41993
  • [ ] phith0n starred m-sec-org/EZ
  • [ ] ourren starred KimJun1010/inspector
  • [ ] ourren starred Safe3/firefly
  • [ ] timwhitez starred Meckazin/ChromeKatz
  • [ ] yzddmr6 starred eeeeeeeeee-code/e0e1-wx
  • [ ] zer0yu started following nomi-san
  • [ ] zer0yu starred nomi-san/parsec-vdd
  • [ ] zer0yu starred rtecCyberSec/Packer_Development
  • [ ] zer0yu starred w4iting4/FindIcmpP
  • [ ] zema1 starred DosX-dev/obfus.h
• SpiderLabs Blog
  • [ ] Professional Services Sector Under Attack - Trustwave SpiderLabs Report 2024
• ふるつき
  • [ ] 問題サーバが遠くてタイムアウトが厳しいときの対策2選
• Twitter @bytehx
  • [ ] RT shubs: At @assetnote, we published our research on Magento's pre-authentication XXE (CVE-2024-34102). @hash_kitten and I reproduced this issue toge...
• Reverse Engineering
  • [ ] 1-click Exploit in South Korea's biggest mobile chat app
  • [ ] Nyxstone: An LLVM-based (Dis)assembly Framework
  • [ ] Reversing a Mystery Function
• Intigriti
  • [ ] Vulnerability assessment reporting: A guide for cybersecurity professionals
• Sucuri Blog
  • [ ] How to Troubleshoot & Fix the “This Site Can’t Be Reached” Error
• Blog | Praetorian
  • [ ] A Milestone of Excellence: Praetorian Security Inc. Named to Inc.’s Best Workplaces
• Wallarm
  • [ ] CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud
• FreeBuf网络安全行业门户
  • [ ] FreeBuf早报 | AI工具恶意应用榜单出炉；新加坡公民身份被盗的暗网活动激增230%
  • [ ] 在过去 3 年中，有 2.8 亿人安装了危险的 Chrome 浏览器扩展程序
  • [ ] Fortinet领航平台时代，十城巡展绘就网络安全新纪元
  • [ ] 攻防演练 | 如何做好一名优秀的蓝队（外网篇）
  • [ ] LockBit ”盯上“了印度尼西亚，索要 800 万美元
  • [ ] 曾针对七国安卓用户发起攻击，Medusa银行木马变种“卷土重来”
  • [ ] 数据安全实践与探索 | FreeBuf 北京站议题前瞻
• 奇客Solidot–传递最新科技情报
  • [ ] 韩国 ISP 用恶意程序感染 Webhard 用户
  • [ ] 火箭残骸被拍到坠落在村庄附近
  • [ ] Telegram 称它只有 30 名工程师，安全专家对此表示担忧
  • [ ] Google 将用分页而不是滚动显示搜索结果
  • [ ] OpenAI 对中国地区停止 API 服务
  • [ ] WHO 称近三分之一成年人缺乏锻炼
  • [ ] 富裕国家的生育率创下历史新低
  • [ ] 网游上的纠纷变成线下谋杀
  • [ ] Stability AI 获得新一轮投资
  • [ ] 中国批准减肥药 Wegovy
  • [ ] 不是所有声称开源的 AI 模型是真的开源
  • [ ] CSDN 克隆了大部分 GitHub 公开代码库
• HackerNews
  • [ ] AI 工具恶意应用榜单出炉，政治内容最热门
  • [ ] LockBit “盯上”了印度尼西亚，索要 800 万美元
  • [ ] 曾针对七国安卓用户发起攻击，Medusa 银行木马变种“卷土重来”
  • [ ] 由于 Snowflake 账户被入侵，Neiman Marcus 遭受数据泄露
  • [ ] 南非国家卫生实验室在 mpox（猴痘）疫情爆发期间遭受勒索软件攻击
  • [ ] 研究称 2.8 亿 Google Chrome 用户安装了危险扩展程序
• KitPloit - PenTest & Hacking Tools
  • [ ] Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
• Exploit-DB.com RSS Feed
  • [ ] [webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
  • [ ] [webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
  • [ ] [webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
  • [ ] [webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
• 腾讯玄武实验室
  • [ ] 每日安全动态推送(6-26)
• 奇安信 CERT
  • [ ] Progress MOVEit Transfer身份认证绕过漏洞(CVE-2024-5806)安全风险通告
• CT Stack 安全社区
  • [ ] 【xray五周年盛典 & xapp工具全球首发】—— 探索未来的无限可能！
• 看雪学苑
  • [ ] 嵌入Python解释器的程序逆向
  • [ ] 与美国达成认罪协议，维基揭秘创始人朱利安·阿桑奇重获自由
  • [ ] 【内核驱动高级班】今日更新：R3 Dll 开发、劫持、注入
• 代码卫士
  • [ ] MOVEit Transfer 软件中存在高危的认证不当漏洞
  • [ ] WordPress 插件被安后门，用于发动供应链攻击
  • [ ] 软件提供商CDK Global遭攻击，北美汽车经销商被迫用纸笔交易
• 安全内参
  • [ ] 猴痘病毒爆发期，南非国家卫生实验室因勒索攻击中断服务
  • [ ] 美国防部发布“支点”信息技术推进战略
• 君哥的体历
  • [ ] 证券行业安全验证提升精细化安全运营能力创新实践
• 安全牛
  • [ ] 美国商务部拟对我国三大电信运营商展开风险调查；Rafel RAT恶意软件或影响超39亿台Android设备 | 牛览
  • [ ] 云端警报：揭秘云计算安全威胁及其防御对策
• dotNet安全矩阵
  • [ ] .NET 一款支持8种方式维持权限的工具
  • [ ] 两个国内最专业的.NET安全知识库
• 数世咨询
  • [ ] 随着企业部署AI编码工具，安全问题越来越多
  • [ ] 【十佳案例】全省一体化数据基础平台 - 数据分级分类案例
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-06-26 Byzantine-Robust DFL
• ChaMd5安全团队
  • [ ] 2024CISCN 华东南分区赛（AWDP）PWN题全WP
• 安全学术圈
  • [ ] 马里兰大学 | 漏洞可利用性预测
• 关键基础设施安全应急响应中心
  • [ ] 《网络暴力信息治理规定》：防治网络暴力的多维综合施策
  • [ ] LockBit 公开勒索美联储，称窃取33TB数据
  • [ ] Meta虚拟现实耳机也会被勒索软件攻击？
• 微步在线
  • [ ] 持久战，最6限免攻略！
• 绿盟科技研究通讯
  • [ ] 【公益译文】大语言模型安全测试方法
• 极客公园
  • [ ] 对话小马智行彭军：Robotaxi 的商业化要比 Robotruck 快得多
  • [ ] OpenAI「断供」，国产大模型争相推出「搬家方案」
  • [ ] OpenAI API 国内被禁，国产大模型纷纷推出搬家方案；马斯克减肥神药国内获批；谷歌将推网红聊天机器人 | 极客早知道
• CNCERT国家工程研究中心
  • [ ] 车联网数据安全体系及关键技术研究
  • [ ] 利用武器化的 Windows 快捷方式 进行无文件 RokRat 恶意软件的部署
  • [ ] 印尼国家数据中心遭勒索攻击：边检等服务中断数天 超210个政府机构被波及
• 火绒安全
  • [ ] 火绒个人版6.0常见问题
• 复旦白泽战队
  • [ ] 大模型安全性与有用性难两全？复旦团队说：鱼和熊掌可兼得！
• 中国信息安全
  • [ ] 论坛·全球人工智能治理 | 联合国框架下的全球人工智能治理现状、挑战与展望
  • [ ] 专家解读 | “三十而立”，中国网络法治迈上新台阶
  • [ ] 关注 | 公安部公布十大高发电信网络诈骗类型
  • [ ] 专家解读 | 依法精准治理网络暴力行为
  • [ ] 行业 | 蚁盾新一代风控引擎引入大模型技术 风控管理复杂度下降50%
  • [ ] 国际 | 阿桑奇“重获自由”美方为何“突然放手”
  • [ ] 关注 | 警惕网络涉毒，对毒品说“不”！
• 嘶吼专业版
  • [ ] 新的 Linux 恶意软件通过 Discord 发送的表情符号进行控制
  • [ ] 构建网络强国 展望中国网络法治未来
• 国家互联网应急中心CNCERT
  • [ ] 网络安全信息与动态周报2024年第25期（6月17日-6月23日）
• 京东安全应急响应中心
  • [ ] 「AI安全」|【京麒沙龙第十四期】赛博英杰、字节、奇安信、京东大咖分享
  • [ ] 【招聘】 | 京东数据安全招聘专场，等你投递！
• LuxSci
  • [ ] LuxSci Achieves Best-in-Class Performance for Email Security
• 黑伞安全
  • [ ] 美联储遭勒索攻击泄露33TB敏感数据
• 迪哥讲事
  • [ ] 一次报错所引发的五千漏洞赏金记录
• ICT Security Magazine
  • [ ] La sicurezza end-to-end nelle reti 5G
• bellingcat
  • [ ] Analysis Reveals Damage and Destruction of Cultural Heritage Sites in Gaza
• Logisek
  • [ ] Resilience to Threats as the Foundation of Smart Industry
• Schneier on Security
  • [ ] The US Is Banning Kaspersky
• Securityinfo.it
  • [ ] Deepen Desai: ecco come lo Zero Trust di Zscaler si adatta a intelligenze artificiali e IoT/OT
  • [ ] Lockbit rivendica un breach alla banca centrale degli Stati Uniti, ma è una farsa
  • [ ] P2Pinfect evolve e distribuisce un ransomware e un cryptominer
• Over Security - Cybersecurity news aggregator
  • [ ] Evolve Bank confirms data breach after brazen LockBit claims
  • [ ] How to Troubleshoot & Fix the “This Site Can’t Be Reached” Error
  • [ ] US accuses Russian of helping Kremlin hack Ukraine’s state computer systems
  • [ ] Data broker prepares a new driver-related product as another continues to draw scrutiny
  • [ ] CDK expects car dealership system outage to last until at least June 30
  • [ ] Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump
  • [ ] LockBit lied: Stolen data is from a bank, not US Federal Reserve
  • [ ] CISA: Most critical open source projects not using memory safe code
  • [ ] Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
  • [ ] Polyfill Supply Chain Attack
  • [ ] Multiple vulnerabilities in TP-Link Omada system could lead to root access
  • [ ] EU blames 'clerical error' after misattributing hacks to wrong Russian spy agency
  • [ ] How the Kaspersky ban will hit resellers in the US
  • [ ] Windows 11 KB5039302 update released with 9 changes or fixes
  • [ ] Hackers target new MOVEit Transfer critical auth bypass bug
  • [ ] Windows 10 KB5039299 update released with 10 changes or fixes
  • [ ] US boosts reward for info on 'Missing Cryptoqueen' Ruja Ignatova to $5 million
  • [ ] Snowblind malware abuses Android security feature to bypass security
  • [ ] L’infostealer 0bj3ctivity è tornato in azione
  • [ ] Deepen Desai: ecco come lo Zero Trust di Zscaler si adatta a intelligenze artificiali e IoT/OT
  • [ ] RFID Hacking with Proxmark3: Cloning, Emulating, and Standalone Mode
  • [ ] Russia to ban 81 foreign media outlets in response to Europe’s sanctions
  • [ ] Lockbit rivendica un breach alla banca centrale degli Stati Uniti, ma è una farsa
  • [ ] Man arrested over 'honey trap' WhatsApp messages sent to British politicians
  • [ ] P2Pinfect evolve e distribuisce un ransomware e un cryptominer
  • [ ] Assange è libero: quali sono le implicazioni adesso? Ecco l’accordo ufficiale
• SANS Internet Storm Center, InfoCON: green
  • [ ] What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
  • [ ] ISC Stormcast For Wednesday, June 26th, 2024 https://isc.sans.edu/podcastdetail/9036, (Wed, Jun 26th)
• KitPloit - PenTest Tools!
  • [ ] Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
• The Hacker News
  • [ ] New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!
  • [ ] Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
  • [ ] Practical Guidance For Securing Your Software Supply Chain
  • [ ] Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
  • [ ] New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
  • [ ] New Medusa Android Trojan Targets Banking Users Across 7 Countries
  • [ ] Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
• Trend Micro Research, News and Perspectives
  • [ ] Attackers in Profile: menuPass and ALPHV/BlackCat
• Graham Cluley
  • [ ] Smashing Security podcast #378: Julian Assange, inside a DDoS attack, and deepfake traumas
  • [ ] Introducing… The AI Fix podcast
• Palo Alto Networks Blog
  • [ ] Leverage Platformization – Strengthen, Unify and Simplify Cybersecurity Tools
• TorrentFreak
  • [ ] Filmmakers Legal Battle Over Reddit Users’ IP Addresses Heads to Appeal
  • [ ] TikTok Copyright Notices Up Again in 2023, Success Rate Collapses to 56%
• The Register - Security
  • [ ] Feds put $5M bounty on 'CryptoQueen' Ruja Ignatova
  • [ ] US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts
  • [ ] Batten down the hatches, it's time to patch some more MOVEit bugs
  • [ ] Julian Assange pleads guilty, leaves courtroom a free man
  • [ ] Yahoo! Japan to waive $189 million ad revenue after detecting fraudulent clicks
  • [ ] Organized crime and domestic violence perps are big buyers of tracking devices
  • [ ] Microsoft blamed for million-plus patient record theft at US hospital giant
• Security Affairs
  • [ ] New MOVEit Transfer critical bug is actively exploited
  • [ ] New Caesar Cipher Skimmer targets popular CMS used by e-stores
• Information Security
  • [ ] Critical : CVE-2024-5988, CVE-2024-5989 : Upgrade your Rockwell Automation ThinManager ThinServer NOW!! #SCADA CVSS Score v3/v4 : 9.8/9.3
  • [ ] Urgent : CVE-2024-5806 : Authentication Bypass Vulnerability in Progress' MOVEit SSH File Transfer Protocol actively exploited in-the-wild.
• Technical Information Security Content & Discussion
  • [ ] Phantom Secrets: Undetected Secrets Expose Major Corporations
  • [ ] Learn how unsafe deserialization vulnerabilities work in Ruby projects (+ working gadget chains)
  • [ ] Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
  • [ ] A Novel DoS Vulnerability affecting WebRTC Media Servers
  • [ ] My AWS “Segmentation Test” Methodology for Pentesters v1.0
• Blackhat Library: Hacking techniques and research
  • [ ] flights airbnb uber eats ??
• Deep Web
  • [ ] what else i can do to improve my anonymity in dark web.
• Computer Forensics
  • [ ] Video Forensics: Where to Start
  • [ ] Best books for DFIR learning
  • [ ] OS X Yosemite Mac imaging
  • [ ] Are these registries suspicious?
• Your Open Hacker Community
  • [ ] Nmap help
  • [ ] Openbullet config
  • [ ] BloodHound CE refusing to work
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Top python modules used to create tools and automate stuffs by ethicalhackers.
• Deeplinks
  • [ ] Hack of Age Verification Company Shows Privacy Danger of Social Media Laws
  • [ ] EFF Livestream Series Coming to a Platform Near You!